Bug 14750 - regression: Attempt to change password over IPv6 using kpasswd fails on server in gensec_krb5_start with NT_STATUS_INTERNAL_ERROR
Summary: regression: Attempt to change password over IPv6 using kpasswd fails on serve...
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.14.5
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2021-07-02 12:25 UTC by lo+samba-bugzilla
Modified: 2021-07-19 06:30 UTC (History)
2 users (show)

See Also:

Patch for v4-14-test (1.75 KB, patch)
2021-07-08 09:14 UTC, Stefan Metzmacher
abartlet: review+
Patch for v4-13-test (1.75 KB, patch)
2021-07-08 09:15 UTC, Stefan Metzmacher
abartlet: review+

Note You need to log in before you can comment on or make changes to this bug.
Description lo+samba-bugzilla 2021-07-02 12:25:08 UTC
After commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef any attempt to change a password over IPv6 fails on the server side. Samba generates the following log entries (on the domain controller):

    Starting GENSEC mechanism krb5
    Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR

On the client side the request to change the password results in the following message after a delay of a couple of seconds:

    kpasswd: Cannot contact any KDC for requested realm changing password

Commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef changed calls to tsocket_address_bsd_sockaddr() in gensec_krb5.c such that IPv6 addresses will be rejected.

Affected are all releases from branches 4.14 and 4.13. Older branches / releases are not affected.

On the distro side, this bug affects soon to be released Debian Bullseye, it does neither affect current stable Debian Buster nor Ubuntu Focal (LTS).
Comment 2 Volker Lendecke 2021-07-02 12:43:44 UTC
Hmm. Another case of "don't trust static analyzers blindly". Sorry for that!
Comment 3 Samba QA Contact 2021-07-05 23:52:04 UTC
This bug was referenced in samba master:

Comment 4 Stefan Metzmacher 2021-07-08 09:14:42 UTC
Created attachment 16676 [details]
Patch for v4-14-test
Comment 5 Stefan Metzmacher 2021-07-08 09:15:22 UTC
Created attachment 16677 [details]
Patch for v4-13-test
Comment 6 Andrew Bartlett 2021-07-08 09:17:23 UTC

Please select for the next 4.13 and 4.14 releases.
Comment 7 Karolin Seeger 2021-07-12 12:10:32 UTC
(In reply to Andrew Bartlett from comment #6)
Pushed to autobuild-v4-{13,14}-test.
Comment 8 Samba QA Contact 2021-07-12 13:53:20 UTC
This bug was referenced in samba v4-14-test:

Comment 9 Samba QA Contact 2021-07-13 10:34:17 UTC
This bug was referenced in samba v4-14-stable (Release samba-4.14.6):

Comment 10 Samba QA Contact 2021-07-13 13:19:29 UTC
This bug was referenced in samba v4-13-test:

Comment 11 Samba QA Contact 2021-07-14 08:16:03 UTC
This bug was referenced in samba v4-13-stable (Release samba-4.13.10):

Comment 12 Karolin Seeger 2021-07-19 06:30:28 UTC
Closing out bug report.